If you have never coded php and are "clueless with how to go about this" you have taken on a fairly complex bit of scripting.
You don't have to use a database, you could store the usernames and passwords in a file and that is a lot simpler. Don't store the passwords in the clear, use something like md5() to encode them.
You do need to use sessions, preferably with cookies, to remember the user as he goes from page to page.
The workflow is that at the top of the restricted page (pages) you ask if the visitor has logged in by checking a session variable. If yes, show the working page. If not, show the log in page. If he logs in properly you set the session variable accordingly.
But it gets more complicated because the user should be able to change his password and to do so you should authenticate it by email.